- play_arrow Introduction
- play_arrow Customer Portal Overview
- About the Customer Portal User Guide
- Customer Portal Overview
- Accessing Customer Portal
- Personalize the Customer Portal
- Switching the Tenant Scope
- Setting Up Your Network with Customer Portal
- About the Customer Portal Dashboard
- Changing the Customer Portal Password
- Resetting the Password
- Changing the Password on First Login
- Set a New Password After Your Existing Password Expires
- Configuring Two-Factor Authentication
- Extending the User Login Session
- Resend Activation Link in Customer Portal
- View and Edit Tenant Settings
- play_arrow Users and Roles
- Role-Based Access Control Overview
- About the Users Page in Customer Portal
- Adding Tenant and OpCo Tenant Users
- Editing and Deleting Tenant and OpCo Tenant Users
- Resetting the Password for Tenant Users
- Roles Overview
- About the Tenant Roles Page
- Adding User-Defined Roles for Tenant Users
- Editing, Cloning, and Deleting User-Defined Roles for Tenant Users
- Access Privileges for Role Scopes (Tenant and Operating Company)
- play_arrow SD-WAN and NGFW Deployments
-
- play_arrow Managing Sites, Site Groups, and Site Templates
- play_arrow Managing Sites
- About the Site Management Page
- Multihoming Overview
- Enterprise Hubs Overview
- Understand BGP Underlay Routing and Provider Edge (PE) Resiliency
- Upgrading Sites Overview
- Add Enterprise Hubs with SD-WAN Capability
- Add Provider Hub Sites in SD-WAN Deployments
- Adding Cloud Spoke Sites for SD-WAN Deployment
- Provisioning a Cloud Spoke Site in AWS VPC
- Manually Adding Branch Sites
- Add a Branch Site with SD-WAN Capability
- Adding and Provisioning a Next Generation Firewall Overview
- Enabling Integration with Mist Access Points
- Add a Standalone Next-Generation Firewall Site
- Managing LAN Segments on a Tenant Site
- Manage a Site
- Start a Network Service
- Disable a Network Service
- Delete a Network Service
- Add IP VPN Configuration to Provider Hubs
- Edit IP VPN Configuration for Provider Hubs
- Delete IP VPN Configuration from Provider Hubs
- Viewing the Sites History
- Edit Site Overview
- Edit Branch and Enterprise Hub Site Parameters
- Reconfigure Static Tunnels
- Edit Site Examples
- Upgrading Sites
- Delete a Site—Enterprise Hub, Cloud Spoke, and Branch
- play_arrow Managing Site Groups
- play_arrow Managing Site Templates
- play_arrow Managing Mesh Tags
- play_arrow Managing Dynamic Mesh
-
- play_arrow Managing Devices and Resources
- play_arrow Managing Authentication
- play_arrow Managing Devices
- Device Redundancy Support Overview
- Activate a Device
- Activating Dual CPE Devices (Device Redundancy)
- Viewing the History of Tenant Device Activation Logs
- Zero Touch Provisioning Overview
- Workflow for Onboarding a Device Using ZTP
- Configure an SRX Series CPE to Discover an EX Series Switch or AP Connected to the CPE
- play_arrow Managing Device Images
- play_arrow Managing Resources
- Multidepartment CPE Device Support
- About the Devices Page
- Perform Return Material Authorization (RMA) for a Device
- Grant Return Material Authorization (RMA) for a Device
- Manage a Single CPE Device
- Rebooting a CPE Device
- Configuring APN Settings on CPE Devices
- Identifying Connectivity Issues by Using Ping
- Identifying Connectivity Issues by Using Traceroute
- Remotely Accessing a Device CLI
- View the Current Configuration on a Device
- Generate Device RSI for Enterprise Hub and Spoke Devices
- Configuring the Firewall Device
- About the Physical Interfaces Page
- About the Logical Interfaces Page
- Adding a Logical Interface
- Editing, Deleting, and Deploying Logical Interfaces
- Enable LLDP on a CPE Interface
- Create LAG Interface
- Create a RETH Interface
- Create a Redundancy Group
- Manage Redundancy Groups
- Adding a Security Zone
- Adding a Routing Instance
- Create Management Connectivity Between a CPE and a Switch
- Discover an EX Series Switch or APs Configured Behind a CPE
- View an EX Series Switch or an AP on Mist
- View an SRX Series CPE on Juniper Mist
- About the Static Routes Page
- Adding a Static Route
- Editing, Deleting, and Deploying Static Routes
- play_arrow Managing Device Templates
- play_arrow Managing Configuration Templates
- Configuration Templates Overview
- Configuration Templates Workflow
- About the Configuration Templates Page
- Predefined Configuration Templates
- Edit, Clone, and Delete Configuration Templates
- Deploy Configuration Templates to Devices
- Undeploy a Configuration Template from a Device
- Dissociate a Configuration Template from a Device
- Preview and Render Configuration Templates
- Import Configuration Templates
- Export a Configuration Template
- Assign Configuration Templates to Device Templates
- Add Configuration Templates
- Jinja Syntax and Examples for Configuration Templates
- View the Configuration Deployed on Devices
- play_arrow Managing Licenses
- play_arrow Managing Signature Database and Certificates
- Signature Database Overview
- About the Signature Database Page
- Manually Installing Signatures
- Automating Signature Database Installation
- Managing Signature Installation Settings (Auto Installation)
- Certificates Overview
- About the Certificates Page
- Importing a Certificate
- Installing and Uninstalling Certificates
- About the VPN Authentication Page
- Modify PKI Settings for All Sites
- Modify PKI Settings for Selected Sites
- play_arrow Managing Juniper Identity Management Service
-
- play_arrow Managing Network Services and Shared Objects
- play_arrow Configuring Network Services
- play_arrow Managing Shared Objects
- Addresses and Address Groups Overview
- About the Addresses Page
- Creating Addresses or Address Groups
- Editing, Cloning, and Deleting Addresses and Address Groups
- Services and Service Groups Overview
- About the Services Page
- Creating Services and Service Groups
- Creating Protocols
- Editing and Deleting Protocols
- Editing, Cloning, and Deleting Services and Service Groups
- Application Signatures Overview
- About the Application Signatures Page
- Understanding Custom Application Signatures
- Adding Application Signatures
- Editing, Cloning, and Deleting Application Signatures
- Adding Application Signature Groups
- Editing, Cloning, and Deleting Application Signature Groups
- About the Departments Page
- Add a Department
- Delete a Department
- About the Protocols Page
- Add a Protocol Endpoint
- Edit or Delete Protocol Endpoint
-
- play_arrow Monitoring Jobs and Audit Logs
- play_arrow Managing Jobs
- play_arrow Managing Audit Logs
-
- play_arrow Monitoring Alarms, Events, and Threats
- play_arrow Monitoring Security Alerts and Alarms
- About the Monitor Overview Page
- Alerts Overview
- About the Generated Alerts Page
- About the Alert Definitions/Notifications Page
- Managing Security Alerts Definitions
- Creating Security Alert Definitions
- Editing, Cloning, and Deleting Security Alert Definitions
- About the Alarms Page
- Enable E-mail Notifications for SD-WAN Alarms
- Rogue Device Detection
- Monitoring Support for LTE Links on Dual CPEs
- play_arrow Monitoring Security
- About the All Security Events Page
- About the Firewall Events Page
- About the Web Filtering Events Page
- About the IPsec VPNs Events Page
- About the Content Filtering Events Page
- About the Antispam Events Page
- About the Antivirus Events Page
- About the IPS Events Page
- About the Screen Events Page
- About the Traffic Logs Page
- play_arrow Monitoring SD-WAN Events
- play_arrow Monitoring Applications
- About the SLA Performance of a Single Tenant Page
- Viewing the SLA Performance of a Site
- Viewing the SLA Performance of an Application or Application Group
- Application Visibility Overview
- About the Application Visibility Page
- About the User Visibility Page
- Viewing Application or User Visibility Data for Specific Sites
- play_arrow Monitoring Threats
- Syslog Streaming
-
- play_arrow Managing Reports
- play_arrow Security Reports
- Reports Overview
- About the Security Report Definitions Page
- Scheduling, Generating, Previewing, and Sharing Security Reports
- About the Security Generated Reports Page
- Creating Log Report Definition
- Creating Bandwidth Report Definition
- Creating ANR Report Definition
- Editing, Deleting, and Cloning Log Report Definitions
- Editing, Deleting, and Cloning Bandwidth Report Definitions
- Editing, Deleting, and Cloning ANR Report Definitions
- play_arrow SD-WAN Reports
-
ON THIS PAGE
About the IPS Signatures Page
Use intrusion prevention system (IPS) signatures to monitor and prevent intrusions. IPS compares traffic against signatures of known threats and blocks traffic when a threat is detected.
Tasks You Can Perform
View the details of an IPS signature—Select an IPS signature and click More > Details, or mouse over the IPS signature and click the Detailed View icon. The IPS Signature Details View page appears. See Table 2 for an explanation of fields on this page.
View the details of an IPS signature static group—Select an IPS signature static group and click More > Details, or mouse over the IPS signature static group and click the Detailed View icon. The IPS Static Group Details page appears. See Table 3 for an explanation of fields on this page.
View the details of an IPS signature dynamic group—Select an IPS signature dynamic group and click More > Details, or mouse over the IPS signature dynamic group and click the Detailed View icon. The IPS Signature Dynamic Details View page appears. See Table 4 for an explanation of fields on this page.
Create an IPS signature—See Create IPS Signatures.
Create an IPS signature static group—See Create IPS Signature Static Groups.
Create an IPS signature dynamic group—See Create IPS Signature Dynamic Groups.
Edit, clone, or delete an IPS signature—See Edit, Clone, and Delete IPS Signatures.
Edit, clone, or delete an IPS signature static group—See Edit, Clone, and Delete IPS Signature Static Groups.
Edit, clone, or delete an IPS signature dynamic group—See Edit, Clone, and Delete IPS Signature Dynamic Groups.
Search for IPS signatures, static groups or dynamic groups by using keywords—Click the search icon and enter the search term in the text box and press Enter. The search results are displayed on the same page.
Filter IPS signatures, static groups or dynamic groups—Click the filter icon (funnel) and specify one or more filtering criteria. The filtered results are displayed on the same page.
Sort IPS signatures, static groups or dynamic groups—Click a column name to sort the data in the grid (table) based on the column name.
Note:Sorting is applicable only to some fields.
Show or hide columns—Click the Show Hide Columns icon at the top right corner of the page and select the columns that you want displayed on the page.
Field Descriptions
Table 1 describes the field on the IPS Signatures page.
Field | Description |
|---|---|
Name | Name of the IPS signature, IPS signature static group, or IPS signature dynamic group. |
Severity | Severity level of the attack that the signature will report. |
Category | Category of the attack object. |
Object Type | Displays the type of attack object:
|
Recommended | Indicates whether the attack objects are recommended by Juniper (True) or not (False). |
Action | Action taken when the monitored traffic matches the attack objects specified in the IPS rules. |
Definition Type | Displays whether the IPS signature, static group, or dynamic group was created by CSO (Predefined) or user-created (Custom). |
CVE | Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat. |
CERT | Displays the computer emergency response team (CERT) advisory number associated with the threat. |
BUG | Displays the list of bugs that are related to the signature attack. |
False Positives | Displays the frequency with which the attack produces a false positive on your network. |
Service | Protocol or service that the attack uses to enter your network. |
Performance Impact | Performance impact of the IPS signature. |
Direction | Direction of the traffic for which the attack is detected; for example, client to server. |
Field | Description |
|---|---|
Name | Name of the IPS signature. |
Description | Description of the IPS signature. |
URL(s) | Displays the URLs that have the details about the signature attack. For example, http://www.faqs.org/rfcs/rfc2865.html. |
Category | See Table 1. |
Recommended | See Table 1. |
Action | See Table 1. |
Keywords | Keywords associated with the IPS signature. |
Severity | See Table 1. |
BUGS | See Table 1. |
CERT | See Table 1. |
CVE | See Table 1. |
Signature Details | |
Binding | Protocol or service that the attack uses to enter your network. |
Service | For service binding, displays the service the attack uses to enter your network. |
Time Count | Number of time that IPS detects the attack in a specified time scope. |
Signature | Displays (in a table) the signature attack objects configured as part of the IPS signature. For each row, the following fields are displayed:
|
Anomaly | Displays (in a table) the protocol anomaly attack objects configured as part of the IPS signature. For each row, the following fields are displayed:
|
Field | Description |
|---|---|
Name | Name of the IPS signature static group. |
Description | Description of the IPS signature static group. |
Group Members | Displays the IPS signatures or IPS signature dynamic groups that are part of the IPS static group. See Table 1 for an explanation of the fields in the table. To view the details, select a row, click More > Details, or mouse over a row and click the Detailed View icon. Depending on the object type, the IPS Signature Details View page or IPS Signature Dynamic Details View page appears. See Table 2 and Table 4 for an explanation of the fields on these pages. |
Field | Description |
|---|---|
Name | Name of the IPS signature dynamic group. |
Severity | Severity filters used for the dynamic group. |
Service | Services filters used for the dynamic group. |
Category | Category filters used for the dynamic group. |
Recommended | Indicates whether predefined attack objects recommended by Juniper are added to the dynamic group (true) or not (false). |
Direction | Traffic direction (for which the attack is detected) filters used for the dynamic group. |
Performance Impact | Performance impact filter used for the dynamic group. |
False Positive | False positive filter used for the dynamic group. |
Age of Attack | Age of the attack (in years) used as a filter for the dynamic group. |
CVSS Score | Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group. |
File Type | File type of the attack used as a filter for the dynamic group. |
Vulnerability Type | Vulnerability type of the attack used as a filter for the dynamic group. |
Object Type | Type of object (anomaly or signature) used as a filter for the dynamic group. |
Vendor Description | Vendor or product that the attack belongs to. |
